skynet-webportal/docker/nginx/conf.d/include/location-skylink

include /etc/nginx/conf.d/include/cors;
include /etc/nginx/conf.d/include/proxy-buffer;
include /etc/nginx/conf.d/include/proxy-cache-downloads;
include /etc/nginx/conf.d/include/track-download;

# redirect purge calls to separate location
error_page 462 = @purge;
if ($request_method = PURGE) {
    return 462;
}

limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time

# ensure that skylink that we pass around is base64 encoded (transform base32 encoded ones)
# this is important because we want only one format in cache keys and logs
set_by_lua_block $skylink { return require("skynet.skylink").parse(ngx.var.skylink) }

# $skylink_v1 and $skylink_v2 variables default to the same value but in case the requested skylink was:
# a) skylink v1 - it would not matter, no additional logic is executed
# b) skylink v2 - in a lua block below we will resolve the skylink v2 into skylink v1 and update 
#      $skylink_v1 variable so then the proxy request to skyd can be cached in nginx (proxy_cache_key 
#      in proxy-cache-downloads includes $skylink_v1 as a part of the cache key)
set $skylink_v1 $skylink;
set $skylink_v2 $skylink;

# variable for Skynet-Proof header that we need to inject 
# into a response if the request was for skylink v2
set $skynet_proof '';

# default download rate to unlimited
set $limit_rate 0;

access_by_lua_block {
    local httpc = require("resty.http").new()

    -- detect whether requested skylink is v2
    local isBase32v2 = string.len(ngx.var.skylink) == 55 and string.sub(ngx.var.skylink, 0, 2) == "04"
    local isBase64v2 = string.len(ngx.var.skylink) == 46 and string.sub(ngx.var.skylink, 0, 2) == "AQ"
    
    if isBase32v2 or isBase64v2 then
        -- 10.10.10.10 points to sia service (alias not available when using resty-http)
        local res, err = httpc:request_uri("http://10.10.10.10:9980/skynet/resolve/" .. ngx.var.skylink_v2, {
            headers = { ["User-Agent"] = "Sia-Agent" }
        })

        -- print error and exit with 500 or exit with response if status is not 200
        if err or (res and res.status ~= ngx.HTTP_OK) then
            ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status
            ngx.header["content-type"] = "text/plain"
            ngx.say(err or res.body)
            return ngx.exit(ngx.status)
        end

        local json = require('cjson')
        local resolve = json.decode(res.body)
        ngx.var.skylink_v1 = resolve.skylink
        ngx.var.skynet_proof = res.headers["Skynet-Proof"]
    end

    -- this block runs only when accounts are enabled
    if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end

    -- 10.10.10.70 points to accounts service (alias not available when using resty-http)
    local res, err = httpc:request_uri("http://10.10.10.70:3000/user/limits", {
        headers = { ["Cookie"] = "skynet-jwt=" .. ngx.var.skynet_jwt }
    })
    
    -- fail gracefully in case /user/limits failed
    if err or (res and res.status ~= ngx.HTTP_OK) then
        ngx.log(ngx.ERR, "Failed accounts service request /user/limits: ", err or ("[HTTP " .. res.status .. "] " .. res.body))
        ngx.var.limit_rate = 2621440 -- (20 * 1024 * 1024 / 8) conservative fallback to 20 mbps in case accounts failed to return limits
    elseif res and res.status == ngx.HTTP_OK then
        local json = require('cjson')
        local limits = json.decode(res.body)
        ngx.var.limit_rate = limits.download
    end
}

header_filter_by_lua_block {
    ngx.header["Skynet-Portal-Api"] = os.getenv("SKYNET_PORTAL_API")
    ngx.header["Skynet-Server-Api"] = os.getenv("SKYNET_SERVER_API")

    -- not empty skynet_proof means this is a skylink v2 request
    -- so we should replace the Skynet-Proof header with the one
    -- we got from /skynet/resolve/ endpoint, otherwise we would
    -- be serving cached empty v1 skylink Skynet-Proof header
    if ngx.var.skynet_proof and ngx.var.skynet_proof ~= "" then
        ngx.header["Skynet-Proof"] = ngx.var.skynet_proof
    end
}

limit_rate_after 512k;
limit_rate $limit_rate;

proxy_read_timeout 600;
proxy_set_header User-Agent: Sia-Agent;

# in case the requested skylink was v2 and we already resolved it to skylink v1, we are going to pass resolved 
# skylink v1 to skyd to save that extra skylink v2 lookup in skyd but in turn, in case skyd returns a redirect 
# we need to rewrite the skylink v1 to skylink v2 in the location header with proxy_redirect
proxy_redirect $skylink_v1 $skylink_v2;
proxy_pass http://sia:9980/skynet/skylink/$skylink_v1$path$is_args$args;
drop caddy as proxy 2021-08-27 12:15:22 +00:00			`include /etc/nginx/conf.d/include/cors;`
			`include /etc/nginx/conf.d/include/proxy-buffer;`
			`include /etc/nginx/conf.d/include/proxy-cache-downloads;`
			`include /etc/nginx/conf.d/include/track-download;`

			`# redirect purge calls to separate location`
			`error_page 462 = @purge;`
			`if ($request_method = PURGE) {`
			`return 462;`
			`}`

			`limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time`

implement base32 decoder 2021-11-05 11:57:06 +00:00			`# ensure that skylink that we pass around is base64 encoded (transform base32 encoded ones)`
			`# this is important because we want only one format in cache keys and logs`
			`set_by_lua_block $skylink { return require("skynet.skylink").parse(ngx.var.skylink) }`

drop caddy as proxy 2021-08-27 12:15:22 +00:00			`# $skylink_v1 and $skylink_v2 variables default to the same value but in case the requested skylink was:`
expose skylink endpoint over external domains 2021-09-20 20:20:48 +00:00			`# a) skylink v1 - it would not matter, no additional logic is executed`
drop caddy as proxy 2021-08-27 12:15:22 +00:00			`# b) skylink v2 - in a lua block below we will resolve the skylink v2 into skylink v1 and update`
			`# $skylink_v1 variable so then the proxy request to skyd can be cached in nginx (proxy_cache_key`
			`# in proxy-cache-downloads includes $skylink_v1 as a part of the cache key)`
			`set $skylink_v1 $skylink;`
			`set $skylink_v2 $skylink;`

			`# variable for Skynet-Proof header that we need to inject`
			`# into a response if the request was for skylink v2`
			`set $skynet_proof '';`

			`# default download rate to unlimited`
			`set $limit_rate 0;`

			`access_by_lua_block {`
			`local httpc = require("resty.http").new()`

			`-- detect whether requested skylink is v2`
			`local isBase32v2 = string.len(ngx.var.skylink) == 55 and string.sub(ngx.var.skylink, 0, 2) == "04"`
			`local isBase64v2 = string.len(ngx.var.skylink) == 46 and string.sub(ngx.var.skylink, 0, 2) == "AQ"`

			`if isBase32v2 or isBase64v2 then`
			`-- 10.10.10.10 points to sia service (alias not available when using resty-http)`
			`local res, err = httpc:request_uri("http://10.10.10.10:9980/skynet/resolve/" .. ngx.var.skylink_v2, {`
			`headers = { ["User-Agent"] = "Sia-Agent" }`
			`})`

			`-- print error and exit with 500 or exit with response if status is not 200`
			`if err or (res and res.status ~= ngx.HTTP_OK) then`
			`ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status`
			`ngx.header["content-type"] = "text/plain"`
			`ngx.say(err or res.body)`
			`return ngx.exit(ngx.status)`
			`end`

			`local json = require('cjson')`
			`local resolve = json.decode(res.body)`
			`ngx.var.skylink_v1 = resolve.skylink`
			`ngx.var.skynet_proof = res.headers["Skynet-Proof"]`
			`end`

			`-- this block runs only when accounts are enabled`
			`if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end`

			`-- 10.10.10.70 points to accounts service (alias not available when using resty-http)`
			`local res, err = httpc:request_uri("http://10.10.10.70:3000/user/limits", {`
fix account endpoint nginx subrequests 2021-08-27 16:33:27 +00:00			`headers = { ["Cookie"] = "skynet-jwt=" .. ngx.var.skynet_jwt }`
drop caddy as proxy 2021-08-27 12:15:22 +00:00			`})`

			`-- fail gracefully in case /user/limits failed`
			`if err or (res and res.status ~= ngx.HTTP_OK) then`
			`ngx.log(ngx.ERR, "Failed accounts service request /user/limits: ", err or ("[HTTP " .. res.status .. "] " .. res.body))`
			`ngx.var.limit_rate = 2621440 -- (20 * 1024 * 1024 / 8) conservative fallback to 20 mbps in case accounts failed to return limits`
			`elseif res and res.status == ngx.HTTP_OK then`
			`local json = require('cjson')`
			`local limits = json.decode(res.body)`
			`ngx.var.limit_rate = limits.download`
			`end`
			`}`

			`header_filter_by_lua_block {`
			`ngx.header["Skynet-Portal-Api"] = os.getenv("SKYNET_PORTAL_API")`
			`ngx.header["Skynet-Server-Api"] = os.getenv("SKYNET_SERVER_API")`

			`-- not empty skynet_proof means this is a skylink v2 request`
			`-- so we should replace the Skynet-Proof header with the one`
			`-- we got from /skynet/resolve/ endpoint, otherwise we would`
			`-- be serving cached empty v1 skylink Skynet-Proof header`
			`if ngx.var.skynet_proof and ngx.var.skynet_proof ~= "" then`
			`ngx.header["Skynet-Proof"] = ngx.var.skynet_proof`
			`end`
			`}`

			`limit_rate_after 512k;`
			`limit_rate $limit_rate;`

			`proxy_read_timeout 600;`
			`proxy_set_header User-Agent: Sia-Agent;`

expose skylink endpoint over external domains 2021-09-20 20:20:48 +00:00			`# in case the requested skylink was v2 and we already resolved it to skylink v1, we are going to pass resolved`
drop caddy as proxy 2021-08-27 12:15:22 +00:00			`# skylink v1 to skyd to save that extra skylink v2 lookup in skyd but in turn, in case skyd returns a redirect`
			`# we need to rewrite the skylink v1 to skylink v2 in the location header with proxy_redirect`
			`proxy_redirect $skylink_v1 $skylink_v2;`
			`proxy_pass http://sia:9980/skynet/skylink/$skylink_v1$path$is_args$args;`